TEISS guest blogger Sam Reed, chief technology officer at Air IT, shares his pick of cyber security resolutions for 2018.
Cyber security has certainly been in the spotlight this year, prompted by attacks on the NHS, Ukrainian critical infrastructure and many high profile companies worldwide.
As we enter 2018, we can expect the focus on cyber security to continue as technological advances give the internet an even more prominent role in all aspects of our lives.
So, making some cyber security resolutions for the New Year will stand you in good stead.
Protect your connected devices
The growth in the internet of things (IoT) is set to continue in 2018 and bring many benefits to our lives. At work, it can lead to greater productivity, while practices like remote working will become more common as the IoT gives staff greater flexibility to work off site.
Unfortunately, having more devices connected to the internet brings an added security threat. IoT devices can be hijacked by cyber criminals who can turn them into botnets and use them to carry out large scale attacks.
That’s exactly how the Mirai botnet attack in 2016 brought down sites like Netflix and Twitter.
To protect your IoT devices, start by tracking down all the connected devices you have and then apply basic measures like changing the default password and installing software updates regularly.
Also of interest: IoT and financial services
Move away from traditional passwords
Traditional passwords are a weak way of protecting sensitive business data: they rely on people following best practice rules they can easily ignore.
In 2018, take advantage of better password protection procedures. Two-step authentication is already becoming more common and now multi-factor authentication is likely to incorporate further layers of security.
Biometrics like fingerprints, voice recognition and facial scans will also be used for identification more widely.
Since mobile phones are often used in multi-step authentication, make sure they are protected too.
Also of interest: MPs and passwords
Make sure you are ready for GDPR
The introduction of the General Data Protection Regulation (GDPR) in May 2018 will raise the bar in terms of keeping people’s personal data safe. If you haven’t already done so, then now is the time to review what personal data you hold and the data governance procedures you have in place.
You need to ensure you have the right procedures in place to detect, report and investigate data breaches. It is better to have preventative measures in place rather than being reactive, so it’s worthwhile investing in technology to keep you one step ahead of cyber criminals.
Also of interest: GDPR puts pressure on school budgets
Prepare for more ransomware attacks
The ransomware attacks we experienced this year are unlikely to subside in 2018. If anything, we expect cyber criminals to have new tools at their disposal which will make it easier for novices to carry out attacks. So keep those back-ups in place and regularly test them.
Also of interest: Top 5 ransomware attacks
Safely into 2018
So make sure you learn from the mistakes of the past and don’t get caught out.
One thing that was clear from the attacks of 2017 is that humans are often the weak link when it comes to cyber-security. All your staff therefore need to undergo cyber security training.
The National Cyber Security Centre lays out 10 steps you can take to educate staff on how to prevent online threats. That means everyone can help your business stay protected in 2018.
Sam Reed is Chief Technology Officer at Air IT, an award-winning IT managed services provider. Has a keen interest in Open Source technologies and keeping up to date with the latest industry developments.
As well as being a gadget freak, he enjoys taking part in Tough Mudder events.